diff --git a/barretenberg/Earthfile b/barretenberg/Earthfile index 841563b4834..a1bac58650e 100644 --- a/barretenberg/Earthfile +++ b/barretenberg/Earthfile @@ -118,6 +118,7 @@ barretenberg-acir-tests-sol-honk: FROM ../build-images/+from-registry COPY ./cpp/+preset-sol/ /usr/src/barretenberg/cpp/build + COPY ./ts/+build/build/ /usr/src/barretenberg/ts COPY ./cpp/+preset-clang-assert/bin/bb /usr/src/barretenberg/cpp/build/bin/bb COPY ./+acir-tests/ /usr/src/barretenberg/acir_tests COPY ./+sol/ /usr/src/barretenberg/sol @@ -131,6 +132,9 @@ barretenberg-acir-tests-sol-honk: RUN (cd sol-test && yarn) RUN PARALLEL=1 FLOW=honk_sol ./run_acir_tests.sh assert_statement 1_mul slices verify_honk_proof + # Include bbjs tests for UltraHonk with keccak hash function + RUN BIN=../ts/dest/node/main.js FLOW=honk_sol ./run_acir_tests.sh assert_statement 1_mul slices verify_honk_proof + barretenberg-acir-tests-bb.js: # Playwright not supported on base image ubuntu:noble, results in unmet dependencies FROM ../build-images/+base-slim-node diff --git a/barretenberg/acir_tests/flows/honk_sol.sh b/barretenberg/acir_tests/flows/honk_sol.sh index f43b92219b7..377392be24d 100755 --- a/barretenberg/acir_tests/flows/honk_sol.sh +++ b/barretenberg/acir_tests/flows/honk_sol.sh @@ -11,8 +11,8 @@ export PROOF_AS_FIELDS="$(pwd)/proof_fields.json" # Create a proof, write the solidity contract, write the proof as fields in order to extract the public inputs $BIN prove_ultra_keccak_honk -o proof $FLAGS $BFLAG $BIN write_vk_ultra_keccak_honk -o vk $FLAGS $BFLAG -$BIN verify_ultra_keccak_honk -k vk -p proof $FLAGS $BFLAG -$BIN proof_as_fields_honk -k vk $FLAGS -p $PROOF +$BIN verify_ultra_keccak_honk -k vk -p proof $FLAGS +$BIN proof_as_fields_honk $FLAGS -p $PROOF -o proof_fields.json $BIN contract_ultra_honk -k vk $FLAGS -o Verifier.sol # Export the paths to the environment variables for the js test runner diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp index 6e045c395c5..65bcb9fa506 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp @@ -291,6 +291,23 @@ WASM_EXPORT void acir_prove_ultra_honk(uint8_t const* acir_vec, *out = to_heap_buffer(to_buffer(proof)); } +WASM_EXPORT void acir_prove_ultra_keccak_honk(uint8_t const* acir_vec, + bool const* recursive, + uint8_t const* witness_vec, + uint8_t** out) +{ + auto constraint_system = + acir_format::circuit_buf_to_acir_format(from_buffer>(acir_vec), /*honk_recursion=*/true); + auto witness = acir_format::witness_buf_to_witness_data(from_buffer>(witness_vec)); + + auto builder = acir_format::create_circuit( + constraint_system, *recursive, 0, witness, /*honk_recursion=*/true); + + UltraKeccakProver prover{ builder }; + auto proof = prover.construct_proof(); + *out = to_heap_buffer(to_buffer(proof)); +} + WASM_EXPORT void acir_verify_ultra_honk(uint8_t const* proof_buf, uint8_t const* vk_buf, bool* result) { using VerificationKey = UltraFlavor::VerificationKey; @@ -306,6 +323,21 @@ WASM_EXPORT void acir_verify_ultra_honk(uint8_t const* proof_buf, uint8_t const* *result = verifier.verify_proof(proof); } +WASM_EXPORT void acir_verify_ultra_keccak_honk(uint8_t const* proof_buf, uint8_t const* vk_buf, bool* result) +{ + using VerificationKey = UltraKeccakFlavor::VerificationKey; + using VerifierCommitmentKey = bb::VerifierCommitmentKey; + using Verifier = UltraVerifier_; + + auto proof = from_buffer>(from_buffer>(proof_buf)); + auto verification_key = std::make_shared(from_buffer(vk_buf)); + verification_key->pcs_verification_key = std::make_shared(); + + Verifier verifier{ verification_key }; + + *result = verifier.verify_proof(proof); +} + WASM_EXPORT void acir_write_vk_ultra_honk(uint8_t const* acir_vec, bool const* recursive, uint8_t** out) { using DeciderProvingKey = DeciderProvingKey_; @@ -321,10 +353,10 @@ WASM_EXPORT void acir_write_vk_ultra_honk(uint8_t const* acir_vec, bool const* r *out = to_heap_buffer(to_buffer(vk)); } -WASM_EXPORT void get_honk_solidity_verifier_vk(uint8_t const* acir_vec, bool const* recursive, uint8_t** out) +WASM_EXPORT void acir_write_vk_ultra_keccak_honk(uint8_t const* acir_vec, bool const* recursive, uint8_t** out) { - using DeciderProvingKey = DeciderProvingKey_; - using VerificationKey = UltraFlavor::VerificationKey; + using DeciderProvingKey = DeciderProvingKey_; + using VerificationKey = UltraKeccakFlavor::VerificationKey; auto constraint_system = acir_format::circuit_buf_to_acir_format(from_buffer>(acir_vec), /*honk_recursion=*/true); @@ -333,8 +365,19 @@ WASM_EXPORT void get_honk_solidity_verifier_vk(uint8_t const* acir_vec, bool con DeciderProvingKey proving_key(builder); VerificationKey vk(proving_key.proving_key); + *out = to_heap_buffer(to_buffer(vk)); +} + +WASM_EXPORT void acir_honk_solidity_verifier(uint8_t const* proof_buf, uint8_t const* vk_buf, uint8_t** out) +{ + using VerificationKey = UltraKeccakFlavor::VerificationKey; + using VerifierCommitmentKey = bb::VerifierCommitmentKey; + + auto proof = from_buffer>(from_buffer>(proof_buf)); + auto verification_key = from_buffer(vk_buf); + verification_key.pcs_verification_key = std::make_shared(); - auto str = get_honk_solidity_verifier(&vk); + auto str = get_honk_solidity_verifier(&verification_key); *out = to_heap_buffer(str); } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.hpp index 64197459b27..badca7ba106 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.hpp @@ -76,6 +76,7 @@ WASM_EXPORT void acir_get_proving_key(in_ptr acir_composer_ptr, WASM_EXPORT void acir_verify_proof(in_ptr acir_composer_ptr, uint8_t const* proof_buf, bool* result); WASM_EXPORT void acir_get_solidity_verifier(in_ptr acir_composer_ptr, out_str_buf out); +WASM_EXPORT void acir_honk_solidity_verifier(uint8_t const* proof_buf, uint8_t const* vk_buf, uint8_t** out); WASM_EXPORT void acir_serialize_proof_into_fields(in_ptr acir_composer_ptr, uint8_t const* proof_buf, @@ -90,10 +91,16 @@ WASM_EXPORT void acir_prove_ultra_honk(uint8_t const* acir_vec, bool const* recursive, uint8_t const* witness_vec, uint8_t** out); +WASM_EXPORT void acir_prove_ultra_keccak_honk(uint8_t const* acir_vec, + bool const* recursive, + uint8_t const* witness_vec, + uint8_t** out); WASM_EXPORT void acir_verify_ultra_honk(uint8_t const* proof_buf, uint8_t const* vk_buf, bool* result); +WASM_EXPORT void acir_verify_ultra_keccak_honk(uint8_t const* proof_buf, uint8_t const* vk_buf, bool* result); WASM_EXPORT void acir_write_vk_ultra_honk(uint8_t const* acir_vec, bool const* recursive, uint8_t** out); +WASM_EXPORT void acir_write_vk_ultra_keccak_honk(uint8_t const* acir_vec, bool const* recursive, uint8_t** out); WASM_EXPORT void acir_proof_as_fields_ultra_honk(uint8_t const* proof_buf, fr::vec_out_buf out); diff --git a/barretenberg/ts/src/barretenberg/backend.ts b/barretenberg/ts/src/barretenberg/backend.ts index db292c1a926..2518832f3d3 100644 --- a/barretenberg/ts/src/barretenberg/backend.ts +++ b/barretenberg/ts/src/barretenberg/backend.ts @@ -153,6 +153,17 @@ const fieldByteSize = 32; const publicInputOffset = 3; const publicInputsOffsetBytes = publicInputOffset * fieldByteSize; +/** + * Options for the UltraHonkBackend. + */ +export type UltraHonkBackendOptions = { + /**Selecting this option will use the keccak hash function instead of poseidon + * when generating challenges in the proof. + * Use this when you want to verify the created proof on an EVM chain. + */ + keccak: boolean; +}; + export class UltraHonkBackend { // These type assertions are used so that we don't // have to initialize `api` in the constructor. @@ -182,9 +193,14 @@ export class UltraHonkBackend { } } - async generateProof(compressedWitness: Uint8Array): Promise { + async generateProof(compressedWitness: Uint8Array, options?: UltraHonkBackendOptions): Promise { await this.instantiate(); - const proofWithPublicInputs = await this.api.acirProveUltraHonk( + + const proveUltraHonk = options?.keccak + ? this.api.acirProveUltraKeccakHonk.bind(this.api) + : this.api.acirProveUltraHonk.bind(this.api); + + const proofWithPublicInputs = await proveUltraHonk( this.acirUncompressedBytecode, this.circuitOptions.recursive, gunzip(compressedWitness), @@ -213,12 +229,20 @@ export class UltraHonkBackend { return { proof, publicInputs }; } - async verifyProof(proofData: ProofData): Promise { + async verifyProof(proofData: ProofData, options?: UltraHonkBackendOptions): Promise { await this.instantiate(); + const proof = reconstructHonkProof(flattenFieldsAsArray(proofData.publicInputs), proofData.proof); - const vkBuf = await this.api.acirWriteVkUltraHonk(this.acirUncompressedBytecode, this.circuitOptions.recursive); - return await this.api.acirVerifyUltraHonk(proof, new RawBuffer(vkBuf)); + const writeVkUltraHonk = options?.keccak + ? this.api.acirWriteVkUltraKeccakHonk.bind(this.api) + : this.api.acirWriteVkUltraHonk.bind(this.api); + const verifyUltraHonk = options?.keccak + ? this.api.acirVerifyUltraKeccakHonk.bind(this.api) + : this.api.acirVerifyUltraHonk.bind(this.api); + + const vkBuf = await writeVkUltraHonk(this.acirUncompressedBytecode, this.circuitOptions.recursive); + return await verifyUltraHonk(proof, new RawBuffer(vkBuf)); } async getVerificationKey(): Promise { @@ -227,10 +251,11 @@ export class UltraHonkBackend { } /** @description Returns a solidity verifier */ - async getSolidityVerifier(): Promise { + async getSolidityVerifier(vk?: Uint8Array): Promise { await this.instantiate(); - await this.api.acirWriteVkUltraHonk(this.acirUncompressedBytecode, this.circuitOptions.recursive); - return await this.api.getHonkSolidityVerifier(this.acirUncompressedBytecode, this.circuitOptions.recursive); + const vkBuf = + vk ?? (await this.api.acirWriteVkUltraHonk(this.acirUncompressedBytecode, this.circuitOptions.recursive)); + return await this.api.acirHonkSolidityVerifier(this.acirUncompressedBytecode, vkBuf); } // TODO(https://github.com/noir-lang/noir/issues/5661): Update this to handle Honk recursive aggregation in the browser once it is ready in the backend itself diff --git a/barretenberg/ts/src/barretenberg_api/index.ts b/barretenberg/ts/src/barretenberg_api/index.ts index 02cfcf5bf10..287336092cf 100644 --- a/barretenberg/ts/src/barretenberg_api/index.ts +++ b/barretenberg/ts/src/barretenberg_api/index.ts @@ -569,6 +569,19 @@ export class BarretenbergApi { return out[0]; } + async acirProveUltraKeccakHonk(acirVec: Uint8Array, recursive: boolean, witnessVec: Uint8Array): Promise { + console.log('acirProveUltraKeccakHonk in'); + const inArgs = [acirVec, recursive, witnessVec].map(serializeBufferable); + const outTypes: OutputType[] = [BufferDeserializer()]; + const result = await this.wasm.callWasmExport( + 'acir_prove_ultra_keccak_honk', + inArgs, + outTypes.map(t => t.SIZE_IN_BYTES), + ); + const out = result.map((r, i) => outTypes[i].fromBuffer(r)); + return out[0]; + } + async acirVerifyUltraHonk(proofBuf: Uint8Array, vkBuf: Uint8Array): Promise { const inArgs = [proofBuf, vkBuf].map(serializeBufferable); const outTypes: OutputType[] = [BoolDeserializer()]; @@ -581,6 +594,18 @@ export class BarretenbergApi { return out[0]; } + async acirVerifyUltraKeccakHonk(proofBuf: Uint8Array, vkBuf: Uint8Array): Promise { + const inArgs = [proofBuf, vkBuf].map(serializeBufferable); + const outTypes: OutputType[] = [BoolDeserializer()]; + const result = await this.wasm.callWasmExport( + 'acir_verify_ultra_keccak_honk', + inArgs, + outTypes.map(t => t.SIZE_IN_BYTES), + ); + const out = result.map((r, i) => outTypes[i].fromBuffer(r)); + return out[0]; + } + async acirWriteVkUltraHonk(acirVec: Uint8Array, recursive: boolean): Promise { const inArgs = [acirVec, recursive].map(serializeBufferable); const outTypes: OutputType[] = [BufferDeserializer()]; @@ -593,11 +618,23 @@ export class BarretenbergApi { return out[0]; } - async getHonkSolidityVerifier(acirVec: Uint8Array, recursive: boolean): Promise { + async acirWriteVkUltraKeccakHonk(acirVec: Uint8Array, recursive: boolean): Promise { const inArgs = [acirVec, recursive].map(serializeBufferable); const outTypes: OutputType[] = [BufferDeserializer()]; const result = await this.wasm.callWasmExport( - 'get_honk_solidity_verifier_vk', + 'acir_write_vk_ultra_keccak_honk', + inArgs, + outTypes.map(t => t.SIZE_IN_BYTES), + ); + const out = result.map((r, i) => outTypes[i].fromBuffer(r)); + return out[0]; + } + + async acirHonkSolidityVerifier(acirVec: Uint8Array, vkBuf: Uint8Array): Promise { + const inArgs = [acirVec, vkBuf].map(serializeBufferable); + const outTypes: OutputType[] = [BufferDeserializer()]; + const result = await this.wasm.callWasmExport( + 'acir_honk_solidity_verifier', inArgs, outTypes.map(t => t.SIZE_IN_BYTES), ); diff --git a/barretenberg/ts/src/main.ts b/barretenberg/ts/src/main.ts index 26e6d7388e3..04cbf8bf3a6 100755 --- a/barretenberg/ts/src/main.ts +++ b/barretenberg/ts/src/main.ts @@ -8,6 +8,7 @@ import { Command } from 'commander'; import { decode } from '@msgpack/msgpack'; import { Timer, writeBenchmark } from './benchmark/index.js'; import path from 'path'; +import { UltraHonkBackendOptions } from './barretenberg/backend.js'; createDebug.log = console.error.bind(console); const debug = createDebug('bb.js'); @@ -334,6 +335,27 @@ export async function contract(outputPath: string, vkPath: string) { } } +export async function contractUltraHonk(bytecodePath: string, vkPath: string, crsPath: string, outputPath: string) { + const { api } = await initUltraHonk(bytecodePath, false, crsPath); + try { + console.log('bytecodePath', bytecodePath); + const bytecode = getBytecode(bytecodePath); + console.log('vkPath', vkPath); + const vk = new RawBuffer(readFileSync(vkPath)); + const contract = await api.acirHonkSolidityVerifier(bytecode, vk); + + if (outputPath === '-') { + process.stdout.write(contract); + debug(`contract written to stdout`); + } else { + writeFileSync(outputPath, contract); + debug(`contract written to: ${outputPath}`); + } + } finally { + await api.destroy(); + } +} + export async function writeVk(bytecodePath: string, recursive: boolean, crsPath: string, outputPath: string) { const { api, acirComposer } = await initUltraPlonk(bytecodePath, recursive, crsPath); try { @@ -432,13 +454,18 @@ export async function proveUltraHonk( witnessPath: string, crsPath: string, outputPath: string, + options?: UltraHonkBackendOptions, ) { const { api } = await initUltraHonk(bytecodePath, recursive, crsPath); try { debug(`creating proof...`); const bytecode = getBytecode(bytecodePath); const witness = getWitness(witnessPath); - const proof = await api.acirProveUltraHonk(bytecode, recursive, witness); + + const acirProveUltraHonk = options?.keccak + ? api.acirProveUltraKeccakHonk.bind(api) + : api.acirProveUltraHonk.bind(api); + const proof = await acirProveUltraHonk(bytecode, recursive, witness); debug(`done.`); if (outputPath === '-') { @@ -453,12 +480,22 @@ export async function proveUltraHonk( } } -export async function writeVkUltraHonk(bytecodePath: string, recursive: boolean, crsPath: string, outputPath: string) { +export async function writeVkUltraHonk( + bytecodePath: string, + recursive: boolean, + crsPath: string, + outputPath: string, + options?: UltraHonkBackendOptions, +) { const { api } = await initUltraHonk(bytecodePath, recursive, crsPath); try { const bytecode = getBytecode(bytecodePath); debug('initing verification key...'); - const vk = await api.acirWriteVkUltraHonk(bytecode, recursive); + + const acirWriteVkUltraHonk = options?.keccak + ? api.acirWriteVkUltraKeccakHonk.bind(api) + : api.acirWriteVkUltraHonk.bind(api); + const vk = await acirWriteVkUltraHonk(bytecode, recursive); if (outputPath === '-') { process.stdout.write(vk); @@ -472,10 +509,14 @@ export async function writeVkUltraHonk(bytecodePath: string, recursive: boolean, } } -export async function verifyUltraHonk(proofPath: string, vkPath: string) { +export async function verifyUltraHonk(proofPath: string, vkPath: string, options?: UltraHonkBackendOptions) { const { api } = await initLite(); try { - const verified = await api.acirVerifyUltraHonk(readFileSync(proofPath), new RawBuffer(readFileSync(vkPath))); + const acirVerifyUltraHonk = options?.keccak + ? api.acirVerifyUltraKeccakHonk.bind(api) + : api.acirVerifyUltraHonk.bind(api); + const verified = await acirVerifyUltraHonk(readFileSync(proofPath), new RawBuffer(readFileSync(vkPath))); + debug(`verified: ${verified}`); return verified; } finally { @@ -641,6 +682,17 @@ program await contract(outputPath, vkPath); }); +program + .command('contract_ultra_honk') + .description('Output solidity verification key contract.') + .option('-b, --bytecode-path ', 'Specify the bytecode path', './target/program.json') + .option('-o, --output-path ', 'Specify the path to write the contract', './target/contract.sol') + .requiredOption('-k, --vk-path ', 'Path to a verification key.') + .action(async ({ bytecodePath, outputPath, vkPath, crsPath }) => { + handleGlobalOptions(); + await contractUltraHonk(bytecodePath, vkPath, crsPath, outputPath); + }); + program .command('write_vk') .description('Output verification key.') @@ -696,6 +748,18 @@ program await proveUltraHonk(bytecodePath, recursive, witnessPath, crsPath, outputPath); }); +program + .command('prove_ultra_keccak_honk') + .description('Generate a proof and write it to a file.') + .option('-b, --bytecode-path ', 'Specify the bytecode path', './target/program.json') + .option('-r, --recursive', 'Create a SNARK friendly proof', false) + .option('-w, --witness-path ', 'Specify the witness path', './target/witness.gz') + .option('-o, --output-path ', 'Specify the proof output path', './proofs/proof') + .action(async ({ bytecodePath, recursive, witnessPath, outputPath, crsPath }) => { + handleGlobalOptions(); + await proveUltraHonk(bytecodePath, recursive, witnessPath, crsPath, outputPath, { keccak: true }); + }); + program .command('write_vk_ultra_honk') .description('Output verification key.') @@ -707,6 +771,17 @@ program await writeVkUltraHonk(bytecodePath, recursive, crsPath, outputPath); }); +program + .command('write_vk_ultra_keccak_honk') + .description('Output verification key.') + .option('-b, --bytecode-path ', 'Specify the bytecode path', './target/program.json') + .option('-r, --recursive', 'Create a SNARK friendly proof', false) + .requiredOption('-o, --output-path ', 'Specify the path to write the key') + .action(async ({ bytecodePath, recursive, outputPath, crsPath }) => { + handleGlobalOptions(); + await writeVkUltraHonk(bytecodePath, recursive, crsPath, outputPath, { keccak: true }); + }); + program .command('verify_ultra_honk') .description('Verify a proof. Process exists with success or failure code.') @@ -718,6 +793,17 @@ program process.exit(result ? 0 : 1); }); +program + .command('verify_ultra_keccak_honk') + .description('Verify a proof. Process exists with success or failure code.') + .requiredOption('-p, --proof-path ', 'Specify the path to the proof') + .requiredOption('-k, --vk ', 'path to a verification key. avoids recomputation.') + .action(async ({ proofPath, vk }) => { + handleGlobalOptions(); + const result = await verifyUltraHonk(proofPath, vk, { keccak: true }); + process.exit(result ? 0 : 1); + }); + program .command('proof_as_fields_honk') .description('Return the proof as fields elements')